diff --git a/python/ql/lib/semmle/python/ApiGraphs.qll b/python/ql/lib/semmle/python/ApiGraphs.qll index b45c10e1417..efd8141efc6 100644 --- a/python/ql/lib/semmle/python/ApiGraphs.qll +++ b/python/ql/lib/semmle/python/ApiGraphs.qll @@ -451,6 +451,7 @@ module API { * allowing this predicate to be used in a negative * context when constructing new nodes. */ + overlay[local] predicate moduleImportExists(string m) { Impl::isImported(m) and // restrict `moduleImport` so it will never give results for a dotted name. Note @@ -695,6 +696,7 @@ module API { * * This is determined syntactically. */ + overlay[local] cached predicate isImported(string name) { // Ignore the following module name for Python 2, as we alias `__builtin__` to `builtins` elsewhere diff --git a/python/ql/lib/semmle/python/dataflow/new/FlowSummary.qll b/python/ql/lib/semmle/python/dataflow/new/FlowSummary.qll index f83870ab050..f9a95124187 100644 --- a/python/ql/lib/semmle/python/dataflow/new/FlowSummary.qll +++ b/python/ql/lib/semmle/python/dataflow/new/FlowSummary.qll @@ -25,6 +25,7 @@ deprecated module SummaryComponentStack = Impl::Private::SummaryComponentStack; class Provenance = Impl::Public::Provenance; /** Provides the `Range` class used to define the extent of `SummarizedCallable`. */ +overlay[local] module SummarizedCallable { /** A callable with a flow summary, identified by a unique string. */ abstract class Range extends LibraryCallable, Impl::Public::SummarizedCallable { diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/Attributes.qll b/python/ql/lib/semmle/python/dataflow/new/internal/Attributes.qll index e9bcc5e6785..8778ae28866 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/Attributes.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/Attributes.qll @@ -1,4 +1,6 @@ /** This module provides an API for attribute reads and writes. */ +overlay[local] +module; private import python import DataFlowUtil diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/Builtins.qll b/python/ql/lib/semmle/python/dataflow/new/internal/Builtins.qll index 9ed9e7d7a2b..6a66d241083 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/Builtins.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/Builtins.qll @@ -1,4 +1,6 @@ /** Provides predicates for reasoning about built-ins in Python. */ +overlay[local] +module; private import python private import semmle.python.dataflow.new.DataFlow diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll b/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll index 449b51565a8..41cb0368b50 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll @@ -1,6 +1,8 @@ /** * Provides classes and predicates for defining flow summaries. */ +overlay[local] +module; private import python private import codeql.dataflow.internal.FlowSummaryImpl @@ -99,6 +101,7 @@ module Input implements InputSig private import Make as Impl private module StepsInput implements Impl::Private::StepsInputSig { + overlay[global] DataFlowCall getACall(Public::SummarizedCallable sc) { result = TPotentialLibraryCall([ diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/ImportStar.qll b/python/ql/lib/semmle/python/dataflow/new/internal/ImportStar.qll index 564630c47db..83f8ee862c3 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/ImportStar.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/ImportStar.qll @@ -1,4 +1,6 @@ /** Provides predicates for reasoning about uses of `import *` in Python. */ +overlay[local] +module; private import python private import semmle.python.dataflow.new.internal.Builtins @@ -11,6 +13,7 @@ module ImportStar { * Holds if `n` is an access of a variable called `name` (which is _not_ the name of a * built-in, and which is _not_ a global defined in the enclosing module) inside the scope `s`. */ + overlay[local] cached predicate namePossiblyDefinedInImportStar(NameNode n, string name, Scope s) { n.isLoad() and @@ -61,6 +64,7 @@ module ImportStar { * Holds if `n` may refer to a global variable of the same name in the module `m`, accessible * from the scope of `n` by a chain of `import *` imports. */ + overlay[global] cached predicate importStarResolvesTo(NameNode n, Module m) { m = getStarImported+(n.getEnclosingModule()) and @@ -71,6 +75,7 @@ module ImportStar { /** * Gets a module that is imported from `m` via `import *`. */ + overlay[global] cached Module getStarImported(Module m) { exists(ImportStar i, DataFlow::CfgNode imported_module | @@ -92,6 +97,7 @@ module ImportStar { * * this would return the data-flow nodes corresponding to `foo.bar` and `quux`. */ + overlay[local] cached ControlFlowNode potentialImportStarBase(Scope s) { result = any(ImportStarNode n | n.getScope() = s).getModule() diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/IterableUnpacking.qll b/python/ql/lib/semmle/python/dataflow/new/internal/IterableUnpacking.qll index e83e789c2fb..5def15fa3c8 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/IterableUnpacking.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/IterableUnpacking.qll @@ -166,6 +166,8 @@ * * `c`: [ListElementContent] */ +overlay[local] +module; private import python private import DataFlowPublic diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/MatchUnpacking.qll b/python/ql/lib/semmle/python/dataflow/new/internal/MatchUnpacking.qll index 8064c34d921..e72e378da52 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/MatchUnpacking.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/MatchUnpacking.qll @@ -50,6 +50,8 @@ * keyword arguments using the `__match_args__` attribute on the class. We do not * currently model this. */ +overlay[local] +module; private import python private import DataFlowPublic diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/VariableCapture.qll b/python/ql/lib/semmle/python/dataflow/new/internal/VariableCapture.qll index 5ed365a8e56..fbe05979328 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/VariableCapture.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/VariableCapture.qll @@ -1,4 +1,6 @@ /** Provides logic related to captured variables. */ +overlay[local] +module; private import python private import DataFlowPublic diff --git a/python/ql/lib/semmle/python/frameworks/Flask.qll b/python/ql/lib/semmle/python/frameworks/Flask.qll index b9bba675ac0..f819e867907 100644 --- a/python/ql/lib/semmle/python/frameworks/Flask.qll +++ b/python/ql/lib/semmle/python/frameworks/Flask.qll @@ -2,6 +2,8 @@ * Provides classes modeling security-relevant aspects of the `flask` PyPI package. * See https://flask.palletsprojects.com/en/1.1.x/. */ +overlay[local?] +module; private import python private import semmle.python.dataflow.new.DataFlow diff --git a/python/ql/lib/semmle/python/frameworks/Stdlib.qll b/python/ql/lib/semmle/python/frameworks/Stdlib.qll index e749ab66f8b..5d3b994880a 100644 --- a/python/ql/lib/semmle/python/frameworks/Stdlib.qll +++ b/python/ql/lib/semmle/python/frameworks/Stdlib.qll @@ -2,6 +2,8 @@ * Provides classes modeling security-relevant aspects of the standard libraries. * Note: some modeling is done internally in the dataflow/taint tracking implementation. */ +overlay[local?] +module; private import python private import semmle.python.dataflow.new.DataFlow diff --git a/python/ql/lib/semmle/python/frameworks/data/ModelsAsData.qll b/python/ql/lib/semmle/python/frameworks/data/ModelsAsData.qll index e66f2c01d70..542f8c995e9 100644 --- a/python/ql/lib/semmle/python/frameworks/data/ModelsAsData.qll +++ b/python/ql/lib/semmle/python/frameworks/data/ModelsAsData.qll @@ -8,6 +8,8 @@ * The package name refers to the top-level module the import comes from, and not a PyPI package. * So for `from foo.bar import baz`, the package will be `foo`. */ +overlay[local?] +module; private import python private import internal.ApiGraphModels as Shared diff --git a/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsSpecific.qll b/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsSpecific.qll index 7adc24bab14..3136f87569c 100644 --- a/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsSpecific.qll +++ b/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsSpecific.qll @@ -30,6 +30,7 @@ import semmle.python.dataflow.new.DataFlow::DataFlow as DataFlow * Holds if models describing `type` may be relevant for the analysis of this database. */ bindingset[type] +overlay[local] predicate isTypeUsed(string type) { // If `type` is a path, then it is the first component that should be imported. API::moduleImportExists(type.splitAt(".", 0)) @@ -39,6 +40,7 @@ predicate isTypeUsed(string type) { * Holds if `type` can be obtained from an instance of `otherType` due to * language semantics modeled by `getExtraNodeFromType`. */ +overlay[local] predicate hasImplicitTypeModel(string type, string otherType) { none() } /** Gets a Python-specific interpretation of the `(type, path)` tuple after resolving the first `n` access path tokens. */ diff --git a/python/ql/lib/semmle/python/internal/Awaited.qll b/python/ql/lib/semmle/python/internal/Awaited.qll index cd5162e6151..43affdf95a4 100644 --- a/python/ql/lib/semmle/python/internal/Awaited.qll +++ b/python/ql/lib/semmle/python/internal/Awaited.qll @@ -3,6 +3,8 @@ * * Provides helper class for defining additional API graph edges. */ +overlay[local] +module; private import python private import semmle.python.dataflow.new.DataFlow diff --git a/python/ql/lib/semmle/python/internal/CachedStages.qll b/python/ql/lib/semmle/python/internal/CachedStages.qll index df96e849855..7379cc51372 100644 --- a/python/ql/lib/semmle/python/internal/CachedStages.qll +++ b/python/ql/lib/semmle/python/internal/CachedStages.qll @@ -177,6 +177,7 @@ module Stages { * Always holds. * Ensures that a predicate is evaluated as part of the DataFlow stage. */ + overlay[local] cached predicate ref() { 1 = 1 } diff --git a/python/ql/test/library-tests/dataflow/summaries/TestSummaries.qll b/python/ql/test/library-tests/dataflow/summaries/TestSummaries.qll index 11b9c0ef09e..14d68455d62 100644 --- a/python/ql/test/library-tests/dataflow/summaries/TestSummaries.qll +++ b/python/ql/test/library-tests/dataflow/summaries/TestSummaries.qll @@ -1,3 +1,6 @@ +overlay[local?] +module; + private import python private import semmle.python.dataflow.new.FlowSummary private import semmle.python.ApiGraphs diff --git a/python/ql/test/library-tests/dataflow/typetracking-summaries/TestSummaries.qll b/python/ql/test/library-tests/dataflow/typetracking-summaries/TestSummaries.qll index c4c4096c686..57e0013b6e0 100644 --- a/python/ql/test/library-tests/dataflow/typetracking-summaries/TestSummaries.qll +++ b/python/ql/test/library-tests/dataflow/typetracking-summaries/TestSummaries.qll @@ -1,3 +1,6 @@ +overlay[local?] +module; + private import python private import semmle.python.dataflow.new.FlowSummary private import semmle.python.ApiGraphs